We help IT Professionals succeed at work.

Event Warning

dgrafx
dgrafx asked
on
926 Views
Last Modified: 2011-10-03
I get the following two warnings in event viewer. I believe they are related so am putting them into one question.

1) Dynamic registration or deletion of one or more DNS records associated with DNS domain 'thisdomain.com.' failed.  These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).  

Possible causes of failure include:  
- TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
- Specified preferred and alternate DNS servers are not running
- DNS server(s) primary for the records to be registered is not running
- Preferred or alternate DNS servers are configured with wrong root hints
- Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration  

2) The following DNS server that is authoritative for the DNS domain controller locator records of this domain controller does not support dynamic DNS updates:  

DNS server IP address: xx.xxx.xxx.xxx
Returned Response Code (RCODE): 4
Returned Status Code: 9004  

What do I need to do to fix this?
Comment
Watch Question

David WilhoitSenior Consultant, Exchange

Commented:
Do you have an external IP address on this server, or do you have an external DNS entered on the TCP/IP stack, that would cause this box to try and register itself externally?

D
CERTIFIED EXPERT

Author

Commented:
I'll anwer with what I think you mean - if I misunderstand let me know.
on the TCP/IP I have the default gateway and DNS servers set to that of the ISP - are you saying that the DNS server (primary anyway) should be set to the ip addr of the machine? How about the default gateway? And if this is what you mean - is it a good idea to change authoritative name server to this machine (now sub-domains are configured on registrars name server)?
Senior Consultant, Exchange
Commented:
This one is on us!
(Get your first solution completely free - no credit card required)
UNLOCK SOLUTION
CERTIFIED EXPERT

Author

Commented:
ok - this has taken care of the errors.
what is DFG?
one problem using this machine as authoritative NS: we just recently moved to win2K3 and in setting up subdomains (add New Alias(CNAME) in DNS) concerning the first blank where the alias is entered where it says Alias name(uses parent domain if left blank) - won't allow me to leave this blank. I could leave it blank in win2K. So how does one configure so that a visitor simply entering thisdomain.com (without a www or other subdomain) will resolve? Do I need to create a new A Record?
David WilhoitSenior Consultant, Exchange

Commented:
DFG= Default Gateway. Now, subdomains: are you hosting other public domains for customers or is this internal AD? Is this a public DNS server that you've set up?

d
CERTIFIED EXPERT

Author

Commented:
Thanks - not for customers - but we have 3 domain names hosted with a few sub-domains under each. And I don't know what you mean by public DNS server.
btw DNS is AD integrated.
And so are you saying the DFG in the TCP/IP should point to this machine as well?
Let me describe the situation. Small company doing web development using one server to host demo apps and apps under development. About 10 sites right now. We're just code guys - none of us have any REAL experience or knowledge in this area - we just set it up and if it works for our purposes then it works. But we don't want to risk potential customers not being able to connect.
David WilhoitSenior Consultant, Exchange

Commented:
I agree. Public DNS, by that I mean a DNS server that is usable by anyone, like Bellsouth's DNS servers are available for everyone. The DFG is normally, when you have a firewall, an internal address like 192.168.0.1, and that address sits on the firewall, and allows traffic to go out thru the external address on the firewall. Is the public address you're dealing with on the web server itself, as in, assigned to a network card? I think I need more details from you....

D
CERTIFIED EXPERT

Author

Commented:
At this we do not have a firewall - with win 2K we were using IISLockDown & haven't gotten around to locking down win2K3 (don't know yet what tool is appropriate for win2k3) and yes, I know, not as good as firewall - so the DFG can be set to this machines IP - tried it - seems to work.
btw we have one IP addr & one nic - have to pay for additional IPs - didn't ever see a reason to run multiple IPs.
I don't imagine anyone is using this machine as DNS server but I suppose they could - so I don't know if that constitutes public.
sorry if I'm not quite answering what you want.
David WilhoitSenior Consultant, Exchange

Commented:
hmmm....sounds like you might just be wide open to the world. So, only 1 server in the whole environment? You're running everything on 1 box? Or did I miss something?

D
CERTIFIED EXPERT

Author

Commented:
yes - everything on one box - like I said - the environment is development & demo with a 'front page' containing what we do blah blah blah & links to demos and 'stuff'
David WilhoitSenior Consultant, Exchange

Commented:
well, it's a huge risk. I strongly suggest you put in some kind of firewall, so that you only have an internal address, and let that external address reside on the router/firewall. But that has nothing to do with this problem. Leave the DFG the way it is, your DNS should be cleanly configured now.

Definitely give the firewall some consideration..... and stay away from IIS lockdown in your situation, or you'll lock your Exchange server out.

D
CERTIFIED EXPERT

Author

Commented:
ok - just the one thing though - how does one configure so that a visitor simply entering thisdomain.com (without a www or other subdomain) will resolve? Do I need to create a new A Record? refer to earlier.
will get on the firewall thing
David WilhoitSenior Consultant, Exchange

Commented:
why do you want them to be able to do that? explain what you're trying to accomplish here.

D
CERTIFIED EXPERT

Author

Commented:
I don't know what you mean exactly, but ...
OK - with Win2k one could add New Alias(CNAME) leaving the Alias name(uses parent domain if left blank) blank. This is necessary to resolve when a visitor enters thisdomain.com in their browser instead of www.thisdomain.com. Every now and then I come across a site who does not have this configured and so get page cannot be displayed (or similar) error, so then I add the www. and then the site displays. I feel this is general courtesy towards the visitor - like an intuitive site layout.
We used to use Win2K as authoritative NS but went to registrars NS 'cause of this. I don't understand why the 'uses parent domain if left blank' wording is still there if Win2K3 won't let a person do this.

Or are you saying there is another way to do this and are wondering why I'm trying to do this in this fashion?

thanks,

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.